Hi I totally understand, and I appreciate these SVG very much, they are great and I have been using them in Visio (just kind of convert them manually from images).     Keep up the good work 🙏   Kind regards, Frank ... View more

I think its a really subjective issue, Visio has always been the standard and many of us still use it because it doesn't really come short.   I have tried other tooling including lucidchart, but they are essentially made for flowcharts not for detailed low level diagramming. For me it feels off.   Anyway Cisco has/is always been 'Visio-minded' with decent detailed hardware stencils, so it's just obvious that we would expect the same from Meraki. ... View more

Some of the SVG open fine in Visio, but the technical ones fill up with all black. Would be nice if they can at least be adjusted in the export to be usable in Visio.   Cisco has always, and still offered Visio stencils https://www.cisco.com/c/en/us/products/visio-stencil-listing.html     ... View more

Ok, thanks for the info ... View more

Hi @ag_scilo @TaylorJohnson , did you get an answer to question 1? We are seeing this, though not often. But it seems not related to actual link state   Kind regards, Frank ... View more

Same issue here, so still going ... View more

<> ... View more

Nope ... View more

I guess I just found the answer: "If the two MX’s public IP addresses match, then the MXs in question are in the same private network. As such, they should route to one another via their interface IP addresses" ... View more

Source: https://meraki.cisco.com/blog/2018/06/all-about-autovpn/: The punch process The punch process is actually the “client” in a client-server relationship, with the server portion being the “Cisco Meraki VPN Registry.” The VPN Registry is a service independent of the Meraki dashboard, used to register each MX’s public and interface IP addresses. The Registry then uses some simple logic to understand how to route between the various MXs in an organization (in order to create VPN tunnels). Namely: Check for match – If the MX’s public IP and the interface IP match, then the MX in question is directly connected to the internet on that WAN interface No Match – MX WAN circuits with different public IP addresses should route between those public IP addresses directly Route Initiated – If the two MX’s public IP addresses match, then the MXs in question are in the same private network. As such, they should route to one another via their interface IP addresses The VPN registry then passes this information to the dashboard. ... View more

Hi, Is this true also when the two internal MX appliances are in different subnets? I assume in either case there is hairpin NAT necessary on the internet gateway router.   Kind regards, Frank ... View more

Hi,   Installed 18.208 on MX85. Great performance increase.   But be warned we are experiencing issues with configured 1-to-1 NAT rules. MX dropping random packets as if there is something wrong in the session/translation table lookups   ... View more

Hi,   Thanks@MarcAEC for sharing, I stumbled upon this and the solution still seems to work good.   And it looks like the sharing of the 'disabled' routes is expected behavior as also described in the knowledge base:   https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior   Advanced Configurations->Static Route Tracking: The route tracking mechanism only has local significance, which means, that the status of the route doesn't influence whether the route is advertised or not and it won't affect the routing on the remote end of the VPN.   Cheers ... View more

Thanks for sharing @DrDray  ... View more

With a stack 2* MS390-24: First switch first port starts at 9 Second switch first port starts at 53 ... View more

MS390 SNMP ifIndex integer offset starts at 9 instead of 1   This is mentioned in 15.6 as fixed but I can confirm this is an issue on 15.21.1   ... View more

  MS390 SNMP ifIndex integer offset starts at 9 instead of 1 This was either not fixed or has returned. Currently on 15.21.1   ... View more

We just had this issue on 15.20. There seems to be some kind of relevance to a large L2 domain I think.   This was MS210 ... View more

The roaming client is only interfering with DNS and web traffic (if using the smart proxy)  so it’s probably because something is not resolving correctly or there is a conflict (post above from myhomenwlab) ... View more

Hi, did you try to configure the remote host in the windows vpn config based on the external IP of the VMX (instead of the dynamic hostname) ... View more

In my opinion the Advanced security throughput and all security features enabled throughput mean the same thing ... View more